CN109949046A - The recognition methods of risk clique and device - Google Patents
The recognition methods of risk clique and device Download PDFInfo
- Publication number
- CN109949046A CN109949046A CN201811302555.6A CN201811302555A CN109949046A CN 109949046 A CN109949046 A CN 109949046A CN 201811302555 A CN201811302555 A CN 201811302555A CN 109949046 A CN109949046 A CN 109949046A
- Authority
- CN
- China
- Prior art keywords
- node
- risk
- user
- clique
- label
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Specification discloses recognition methods and the device of a kind of risk clique.This method comprises: historical behavior based on the user that breaks one's promise constructs risk knowledge map, the risk knowledge map includes: non-user node, the user node and there are ordinary user's nodes of incidence relation with the user that breaks one's promise of breaking one's promise;Company side between the node and the node for extracting matching risk template in the risk knowledge map, to form risk map;For each node in the risk map, the label of the node is iterated with the time parameter of neighbor node incidence relation time of origin and the degree of the neighbor node according to it, and after iteration is taken turns in completion one, judge whether the modularity function with time aggregation restrains;When the modularity function convergence of the band time aggregation, the identical node of label is identified as the same risk clique.
Description
Technical field
This specification is related to recognition methods and the device of field of artificial intelligence more particularly to a kind of risk clique.
Background technique
With the fast development of internet finance, network swindle is gradually risen, and there are security risks for black production, black intermediary etc.
Clique controls a large number of users account by illegal means, and carries out arbitrage using these user accounts, upsets internet finance peace
Entirely.
Summary of the invention
In view of this, this specification provides recognition methods and the device of a kind of risk clique.
Specifically, this specification is achieved by the following technical solution:
A kind of recognition methods of risk clique, comprising:
Historical behavior based on the user that breaks one's promise constructs risk knowledge map, and the risk knowledge map includes: non-user section
Point, the user node and there are ordinary user's node of incidence relation, the non-user node on behalf users with the user that breaks one's promise of breaking one's promise
Attributive character, each node in the risk knowledge map has unique tags, and node connects side for indicating the section that is connected
There is incidence relation, the attribute on the even side includes the time parameter for indicating the incidence relation time of origin between point;
Company side between the node and the node for extracting matching risk template in the risk knowledge map, with shape
At risk map, the risk template includes the company side between several every template nodes and the every template node, the every template node packet
Include non-user node, break one's promise one of user node and ordinary user's node or a variety of;
For each node in the risk map, according to the time parameter of itself and neighbor node incidence relation time of origin
The label of the node is iterated with the degree of the neighbor node, and after iteration is taken turns in completion one, judges that the band time is poly-
Whether the modularity function of collection property restrains;
When the modularity function convergence of the band time aggregation, the identical node of label is identified as the same risk
Clique.
A kind of identification device of risk clique, comprising:
Map construction unit, the historical behavior based on the user that breaks one's promise construct risk knowledge map, the risk knowledge map
It include: non-user node, the user node and there are ordinary user's node of incidence relation, the non-user with the user that breaks one's promise of breaking one's promise
The attributive character of node on behalf user, each node in the risk knowledge map have unique tags, node Lian Bianyong
In indicating there is incidence relation between connected node, the attribute on the even side includes for indicating the incidence relation time of origin
Time parameter;
Risk extraction unit, extracted from the risk knowledge map matching risk template node and the node it
Between company side, to form risk map, the risk template includes the company side between several every template nodes and the every template node, institute
Stating every template node includes non-user node, break one's promise one of user node and ordinary user's node or a variety of;
Label iteration unit occurs according to it with neighbor node incidence relation for each node in the risk map
The degree of the time parameter of time and the neighbor node is iterated the label of the node, and takes turns iteration in completion one
Afterwards, judge whether the modularity function with time aggregation restrains;
Clique's recognition unit knows the identical node of label when the modularity function convergence of the band time aggregation
It Wei not the same risk clique.
A kind of identification device of risk clique, comprising:
Processor;
For storing the memory of machine-executable instruction;
Wherein, it can be held by reading and executing the machine corresponding with the recognition logic of risk clique of the memory storage
Row instruction, the processor are prompted to:
Historical behavior based on the user that breaks one's promise constructs risk knowledge map, and the risk knowledge map includes: non-user section
Point, the user node and there are ordinary user's node of incidence relation, the non-user node on behalf users with the user that breaks one's promise of breaking one's promise
Attributive character, each node in the risk knowledge map has unique tags, and node connects side for indicating the section that is connected
There is incidence relation, the attribute on the even side includes the time parameter for indicating the incidence relation time of origin between point;
Company side between the node and the node for extracting matching risk template in the risk knowledge map, with shape
At risk map, the risk template includes the company side between several every template nodes and the every template node, the every template node packet
Include non-user node, break one's promise one of user node and ordinary user's node or a variety of;
For each node in the risk map, according to the time parameter of itself and neighbor node incidence relation time of origin
The label of the node is iterated with the degree of the neighbor node, and after iteration is taken turns in completion one, judges that the band time is poly-
Whether the modularity function of collection property restrains;
When the modularity function convergence of the band time aggregation, the identical node of label is identified as the same risk
Clique.
This specification building includes the risk knowledge figure of user node and non-user node it can be seen from above description
Spectrum, the personal data of script alienation are associated, and matching risk template is then extracted from the risk knowledge map
Company side between node and the node forms risk map of the user on network of breaking one's promise.Each node in risk map can basis
Information of the neighbor node on degree and correlation time the two dimensions select the label of a neighbor node to itself label into
Row iteration, and risk clique can be identified according to iteration result in the modularity function convergence with time aggregation, thus real
Now to the identification of risk clique.
Detailed description of the invention
Fig. 1 is a kind of flow diagram of the recognition methods of risk clique shown in one exemplary embodiment of this specification.
Fig. 2 is a kind of risk knowledge map schematic diagram shown in one exemplary embodiment of this specification.
Fig. 3 is another risk knowledge map schematic diagram shown in one exemplary embodiment of this specification.
Fig. 4 is a kind of risk map schematic diagram shown in one exemplary embodiment of this specification.
Fig. 5 is another risk map schematic diagram shown in one exemplary embodiment of this specification.
Fig. 6 is a kind of label iteration schematic diagram shown in one exemplary embodiment of this specification.
Fig. 7 is a kind of clique's evolution schematic diagram shown in one exemplary embodiment of this specification.
Fig. 8 is that an a kind of structure of identification device for risk clique shown in one exemplary embodiment of this specification is shown
It is intended to.
Fig. 9 is a kind of block diagram of the identification device of risk clique shown in one exemplary embodiment of this specification.
Specific embodiment
Example embodiments are described in detail here, and the example is illustrated in the accompanying drawings.Following description is related to
When attached drawing, unless otherwise indicated, the same numbers in different drawings indicate the same or similar elements.Following exemplary embodiment
Described in embodiment do not represent all embodiments consistent with this specification.On the contrary, they are only and such as institute
The example of the consistent device and method of some aspects be described in detail in attached claims, this specification.
It is only to be not intended to be limiting this explanation merely for for the purpose of describing particular embodiments in the term that this specification uses
Book.The "an" of used singular, " described " and "the" are also intended to packet in this specification and in the appended claims
Most forms are included, unless the context clearly indicates other meaning.It is also understood that term "and/or" used herein is
Refer to and includes that one or more associated any or all of project listed may combine.
It will be appreciated that though various information may be described using term first, second, third, etc. in this specification, but
These information should not necessarily be limited by these terms.These terms are only used to for same type of information being distinguished from each other out.For example, not taking off
In the case where this specification range, the first information can also be referred to as the second information, and similarly, the second information can also be claimed
For the first information.Depending on context, word as used in this " if " can be construed to " ... when " or
" when ... " or " in response to determination ".
This specification provides a kind of identifying schemes of risk clique, can construct risk according to the historical behavior for the user that breaks one's promise and know
Know map, the risk map for matching predetermined risk template, each node in risk map are then extracted from the risk knowledge map
Itself label can be carried out according to the label of feature selecting one neighbor node of its neighbor node on degree and time dimension
It updates, and the identical node of label can be identified as the same risk group in the modularity function convergence with time aggregation
Group, to realize the identification of risk clique.
Fig. 1 is a kind of flow diagram of the recognition methods of risk clique shown in one exemplary embodiment of this specification.
The recognition methods of the risk clique can be applied to identifying platform, and the identifying platform is usually by having identification function
Server or the server cluster composition of energy.
Referring to FIG. 1, the recognition methods of the risk clique can comprise the following steps that
Step 102, the historical behavior based on the user that breaks one's promise constructs risk knowledge map, and the risk knowledge map includes:
Non-user node, the user node and there are ordinary user's node of incidence relation, the non-user nodes with the user that breaks one's promise of breaking one's promise
The attributive character of user is represented, each node in the risk knowledge map has unique tags, and node connects side for table
Show between connected node have incidence relation, it is described even side attribute include for indicate the incidence relation time of origin when
Between parameter.
In the present embodiment, the historical behavior may include payment behavior, for example, transferring accounts on line, paying out on line.It is described
Historical behavior may also include interbehavior, for example, receiving and dispatching instant communication message, making comments.Certainly, the historical behavior is also
It may include other kinds of behavior, this specification is not particularly limited this.
In the present embodiment, the non-user node can include: device node, domain nodes, internodal networking environment etc..Its
In, the device node can be the unique identification of the equipment such as device id, device mac address;The domain nodes can be through
Latitude coordinate, administrative region title etc.;The internodal networking environment can be SSID (the Service Set of locating Wi-Fi network
Identifier, service set), used IP address etc..
The non-user node can represent the attributive character of user, for example, device node can represent equipment that user uses,
Domain nodes can represent region locating for user, internodal networking environment can represent network environment locating when user access network
Deng.
In the present embodiment, each node in risk knowledge map has unique tags.For user node,
The label can be the equal unique corresponding mark with user of user identity card number;For device node, the label can
To be the unique identification of equipment;For domain nodes, the label can be region name etc..
Certainly, in other examples, other modes can also be used specified only for each node in risk knowledge map
One label, such as can sequence be that each node in risk knowledge map specifies unique digital label since 1: 1,2,3 ...,
And so on.
In the present embodiment, when between two nodes have incidence relation when, can between the two nodes the company of building side.
For example, user A transfers accounts to user B, then can between the node for representing the node of user A and representing user B structure
Build connection even side.
For another example the Wi-Fi network that user A access SSID is 123, then can be in node and the representative for representing user A
Building connects side between the node that SSID is 123.
In the present embodiment, time attribute can be increased for even side, such as the incidence relation that side indicates described even can be occurred
Attribute of the time parameter of time as the even side.
Wherein, the time parameter can be the time of origin point of the last incidence relation, such as October 10 in 2018
Day;The time parameter can also be the time of origin point of the last incidence relation away from modern duration, such as 1 day, 5 days etc..
In other examples, the time parameter can have multiple, such as the time of origin point etc. of incidence relation three times recently, this explanation
Book is not particularly limited this.
Step 104, between the node and the node for extracting matching risk template in the risk knowledge map
Lian Bian, to form risk map, the risk template includes the company side between several every template nodes and the every template node, the mould
Plate node includes non-user node, break one's promise one of user node and ordinary user's node or a variety of.
In the present embodiment, the risk template can be preset.For example, can be to historical fraud, row of breaking one's promise
For etc. there are the incidence relations in the behavior of risk between user and user, user and equipment, user and network environment to return
Extraction is received, to obtain the risk template.
It breaks one's promise user B for example, the risk template can be the user A- that breaks one's promise, indicates to have between two users that break one's promise and close
Connection relationship.
For another example the risk template can be the user A- operation equipment 1- user B that breaks one's promise, expression is broken one's promise user and common
User has incidence relation with operation equipment 1.
Step 106, for each node in the risk map, according to itself and neighbor node incidence relation time of origin
The degree of time parameter and the neighbor node is iterated the label of the node, and after iteration is taken turns in completion one, judgement
Whether the modularity function with time aggregation restrains.
Step 108, when the modularity function convergence of the band time aggregation, the identical node of label is identified as together
One risk clique.
In the present embodiment, each node can be iterated itself label according to the label of its neighbor node in risk map,
And can judge whether the modularity function with time aggregation restrains after every wheel iteration, if convergence, can get the bid risk map
It signs identical node and is identified as the same risk clique.
Above-mentioned neighbor node is usually the node that there is even side with node, i.e. two connected nodes of a company side are right each other
The neighbor node of side.
When being iterated to itself label, the neighbours that neighbor node degree is high, incidence relation time of origin is close may be selected
Itself tag update is then the target labels, to complete epicycle iteration as target labels by the label of node.
The modularity function of above-mentioned band time aggregation increases time aggregation information on the basis of modularity function.One
As for, the same risk clique can present concentration crime the characteristics of, on the basis of modularity function increase time aggregation
Information can effectively improve the accuracy of risk clique identification.
This specification building includes the risk knowledge figure of user node and non-user node it can be seen from above description
Spectrum, the personal data of script alienation are associated, and matching risk template is then extracted from the risk knowledge map
Company side between node and the node forms risk map of the user on network of breaking one's promise.Each node in risk map can basis
Information of the neighbor node on degree and correlation time the two dimensions select the label of a neighbor node to itself label into
Row iteration, and risk clique can be identified according to iteration result in the modularity function convergence with time aggregation, thus real
Now to the identification of risk clique.
It is retouched in terms of the building of risk knowledge map, the extraction of risk map, the identification of risk clique three separately below
State the realization process of this specification.
One, the building of risk knowledge map
In the present embodiment, the historical behavior of the user that breaks one's promise identified can first be obtained.The user that breaks one's promise can be based on
Identification method in the related technology is identified that this is no longer going to repeat them for this specification, and the user that breaks one's promise may include swindle
User, black production user etc..
In one example, the historical behavior of nearly half a year or nearly 1 year each user that breaks one's promise can be obtained.Then it can be gone through described
User, equipment, network environment, region for being related in history behavior etc. are abstracted into the node in risk knowledge map.
For example, each user is a node, can the information such as identification card number, cell-phone number, account to user add
Close equal processing, and use processing result as the label of corresponding user node.
It, can MAC to terminal device for another example the terminal devices such as mobile phone, computer that user uses are also a node
The information such as location carry out the processing such as encrypting, and use processing result as the label of counterpart terminal device node.
In another example the Wi-Fi network of user's access is also a node, the SSID of the Wi-Fi network can be encrypted
Deng processing, and use processing result as the label of corresponding Wi-Fi network node.
It in the present embodiment, can be based on the behaviors such as payment behavior, the interbehavior of user in history building risk of breaking one's promise
Knowledge mapping, the Lian Bian between the risk knowledge map interior joint, which is represented, has incidence relation between connected node, such as: turn
The attribute of account relationship, friend relation etc., the even side includes the last time of origin point of corresponding incidence relation.
As an example it is assumed that the user A that breaks one's promise was transferred accounts 50 yuan using mobile phone a to user B on October 10th, 2018, break faith
A last time in family is on October 20th, 2018 using mobile phone a, and user's B last time is October 18 in 2018 using mobile phone b
Day, and at that time mobile phone b access Wi-Fi network 123, the user A and user B that breaks one's promise be identified the last time be in Beijing be
On October 21st, 2018, then risk knowledge map shown in Fig. 2 can be constructed according to these information.Risk knowledge shown in Fig. 2
Map is digraph, can also construct non-directed graph in practical applications, and this specification is not particularly limited this.
In the present embodiment, the user node in risk knowledge map is divided into two classes, and one kind is the above-mentioned mistake identified
The corresponding user node of breaking one's promise of credit household, such as user node A shown in Fig. 2;It is another kind of to be associated with user's presence of breaking one's promise
The corresponding ordinary user's node of the ordinary user of relationship, such as user node B shown in Fig. 2.The ordinary user may be just
Common family, it is also possible to the user that breaks one's promise not yet being identified.
Two, the extraction of risk map
In the present embodiment, the fraud identified in history, discreditable behavior etc. can be summarized there are the behavior of risk,
And the incidence relation in these behaviors between user and user, user and equipment, user and network environment etc. is summarized, to extract
Risk template out.
The risk template usually has multiple, and each risk template may comprise several every template nodes and the every template node
Between company side, wherein the every template node includes breaking one's promise one of user node, ordinary user's node and non-user node
Or it is a variety of.
In one example, the risk template may include following three kinds:
1. break one's promise user A- user C
The user B 2. the user A- that breaks one's promise breaks one's promise
3. break one's promise user A- non-user D- user C
"-" in above-mentioned risk template indicates there is even side, but the not company's of restriction edge direction, i.e., two between two every template nodes
There is incidence relation between a every template node.
By taking the 1st risk template as an example, which indicates there is incidence relation between break faith family A and user C.
The above-mentioned user A and user B that breaks one's promise that breaks one's promise can refer to all users that break one's promise.
Above-mentioned user C can refer to any user in risk knowledge map, it may include break one's promise user, may also comprise common
User.
Above-mentioned non-user D can refer to a kind of equipment, such as mobile terminal device, PC equipment, can also refer to Wi-Fi net
Network etc..
The above-mentioned exemplary only explanation of risk template also can extract other kinds of risk template in practical applications,
This specification is not particularly limited this.
In the present embodiment, it can extract the company between the node and node that match the risk template in risk knowledge map
Side, to form risk map.
For example, every connected component can be traversed from each user node of breaking one's promise in risk knowledge map, with judgement
Whether the company side between node and node in the connected component matches the risk template.
Undirected risk knowledge map shown in Fig. 3 is please referred to, according to above-mentioned three classes risk template, figure can be obtained by extracting
Risk map shown in 4.
Three, the identification of risk clique
In the present embodiment, each node in risk map can change to itself label according to the label of its neighbor node
Generation, and can determine that iteration terminates, and then can be identical by label in risk map in the modularity function convergence with time aggregation
Node be identified as the same risk clique.Wherein user node represents the gang member in risk clique, non-user node generation
The information such as terminal device, Wi-Fi network, the geographic location that table risk clique uses, the non-user node can also be regarded as
It is a kind of gang member.
When carrying out label iteration, the neighbor node that neighbor node degree is high, incidence relation time of origin is close may be selected
Itself tag update is then the target labels, to complete epicycle iteration as target labels by label.Wherein, Lin Jujie
Point degree is higher, usually illustrates that the neighbor node is more important;Incidence relation time of origin is closer, usually explanation and the neighbor node
Connection it is closer.
In one example, when the time point that company's side attribute of risk map is corresponding incidence relation the last time time of origin
When, the incidence relation time of origin first can be calculated away from modern duration according to the time point.The unit of the duration can be based on answering
It is preassigned with scene, such as day, hour etc..
The attribute value of the neighbor node label can be calculated according to the degree of the duration and respective neighbours node, and can will be belonged to
Property value meet the neighbor node label of predetermined condition and be determined as target labels, be then the target by the tag update of this node
Label.
The risk illustrated example of Fig. 5 is please referred to, which includes 6 nodes, it is assumed that the label of this 6 nodes is respectively 1
To 6.By taking the label to node 1 is iterated as an example, node 2 is the neighbor node of node 1 to node 5.
| Neighbor node | Neighbor node degree | Incidence relation is away from modern duration |
| Node 2 | 1 | 5 |
| Node 3 | 3 | 2 |
| Node 4 | 4 | 2 |
| Node 5 | 2 | 8 |
Table 1
The example of table 1 is please referred to, the degree of each neighbor node of node 1 and corresponding incidence relation time of origin are away from the present
Duration.In this example, the function of above-mentioned degree and duration can be constructed to calculate the attribute value of neighbor node label, such as linear letter
Number etc..
As an example it is assumed that indicating the degree of neighbor node using x, duration of the incidence relation away from the present is indicated using y,
Attribute value is indicated using f (x, y), in one example, f (x, y)=ax+by, wherein a and b is constant.
When a is the constant greater than 0, b can be set smaller than to 0 constant, and the maximum neighbours' section of f (x, y) can be chosen
Point label is as target labels;
When a is the constant less than 0, b can be set greater than to 0 constant, and the smallest neighbours' section of f (x, y) can be chosen
Point label is as target labels.
When f (x, y) maximum or the smallest neighbor node label have multiple, one can be randomly choosed wherein as target
Label.
Still it is exemplified by Table 1, it is assumed that the attribute value of the label of node 4 is maximum, then the label of node 1 can be updated to 4 by 1,
Obtain risk map shown in fig. 6.
In the present embodiment, after iteration is taken turns in completion one, it can determine whether the modularity function with time aggregation restrains.
The company number of edges amount Zhan Suoyou that the modularity function of the band time aggregation is equal in same community connects number of edges amount
Ratio carries out being randomly assigned the desired difference of obtained probability with to the even side, then subtracts the time of same community Nei Lianbian
Aggregation parameter.
In one example, following formula can be used and calculate the modularity function Q with time aggregation:
In above-mentioned formula, m indicates that company's side sum of risk map, v and w indicate the node in risk map, and α is constant.
The adjacency matrix of A expression risk map.When having Lian Bianshi, A between node v and node wvw=1;As node v and node w
Between there is no Lian Bianshi, Avw=0.
After indicating to even side is randomly assigned, node v and node w connect the expectation of number of edges.
When node v and node w are at the same community, δ (cv,cw)=1;When node v and node be not in the same community
When, δ (cv,cw)=0.
T is used to indicate the time aggregation of same community Nei Lianbian.TvwIt can be equal to the time ginseng that node v and node w connects side
Several differences with the even time parameter medians on side all inside community.
By taking the time parameter on even side is duration of the corresponding incidence relation the last time time of origin away from the present as an example, will can first it save
The corresponding durations in all even sides are ranked up in point v and the affiliated community node w, are then chosen median, are reused node v and section
Point w connects the corresponding duration in side and subtracts the median, obtains the difference.
Certainly, in other examples, the median can also be replaced using average, it is special that this specification does not make this
Limitation.
In the present embodiment, TvwIt is smaller, illustrate that the time aggregation of the affiliated community's interior nodes of node v and node w is higher, into
And illustrate that current community division result is more accurate.
In the present embodiment, it can determine that iteration terminates, in turn in the modularity function convergence of above-mentioned band time aggregation
The identical node of label can be identified as to the same risk clique.
Optionally, in other examples, when the modularity function convergence of above-mentioned band time aggregation, can also further sentence
Whether the label of each node and last round of iteration result are identical in disconnected risk map, if they are the same, then can determine that iteration terminates, Jin Erke
The identical node of label is identified as the same risk clique;If not identical, iteration can proceed with, until in risk map
The label of each node is identical as last round of iteration result.
The risk clique identifying schemes that this specification provides can also support the identification to risk clique evolution.
In one example, the identification of risk clique can be carried out using the above scheme according to scheduled recognition cycle, it is described
Recognition cycle can be preset, such as: it daily, every 3 days, weekly etc., can be configured according to the characteristics of application scenarios.
By taking recognition cycle is daily as an example, the identifying schemes of primary above-mentioned risk clique can be executed daily, for not on the same day
The risk clique that phase is identified can judge whether it is the same risk clique according to the coincidence situation of gang member.For example, ought not
When the risk clique that same date identifies has part same node point, these risk cliques can be determined as to the same risk group
Group, the part same node point is the core member of the risk clique.Above-mentioned gang member includes user node, also includes non-use
Family node.
| Identification Date | Gang member |
| September 1 day | Node 1- node 12, node 25, node 36 |
| September 15 days | Node 1- node 20, node 25, node 40- node 60 |
| September 30 days | Node 1- node 8, node 25, node 80- node 85 |
Table 2
The example of table 2 is please referred to, the risk clique node having the same that three recognition cycles shown in table 2 identify:
Node 1- node 8, node 25 then can determine that these three risk cliques are the same risk cliques, and core member is node 1-
Node 8 and node 25.
It is worth noting that, node identification shown in table 2 is the mark letter that can uniquely navigate to a user or equipment
Breath, such as user identity card number, device mac address etc. are different to reuse in different recognition cycles in previous embodiment
Natural number node label.
In the present embodiment, the same risk clique identified for different recognition cycles, can be respectively from corresponding risk
The network structure of the risk clique is extracted in knowledge mapping, such as can extract in the risk clique each node and described
Company's side structure between node, obtains the network structure.
Still by taking the example of table 2 as an example, node 1- node 12, node can be extracted from September 1st risk knowledge map
25, company's side structure between node 36 and these nodes, obtains corresponding network structure.It can also know from September risk on the 15th
Know and extract node 1- node 20 in map, company's side structure between node 25, node 40- node 60 and these nodes obtains pair
The network structure answered.Node 1- node 8, node 25, node 80- section can be also extracted from September 30th risk knowledge maps
Company's side structure between point 85 and these nodes, obtains corresponding network structure.
In the present embodiment, the network structure for the same risk clique that can be identified different recognition cycles passes through can
Displaying is compared depending on changing interface, to intuitively show the landslide evolution process of the risk clique, such as clique's initial stage, clique
Expansion period, clique's sunset etc..
Optionally, it is the core member for marking the risk clique, can is also node setting identical in above-mentioned risk clique
Identical displaying attribute, the displaying attribute can include: color, lines shade pattern etc..
The example of Fig. 7 is please referred to, Fig. 7 illustrates member's variation of three different times of the same risk clique, wherein
Dark node is the core member of the risk clique, and grayed-out nodes are not risk clique core members.
The present embodiment carries out periodical identification to risk clique, and can be according to common node to same under different recognition cycles
One risk clique is identified, so that the development and change process of risk clique is identified, convenient for air control personnel to different times
Risk clique carry out difference prevention and control, such as can the risk clique to the early stage of development carry out emphasis supervision, to being in sunset
Risk clique carry out continue tracking etc., further increase the control effect of risk clique.
Corresponding with the embodiment of the recognition methods of aforementioned risk clique, this specification additionally provides the identification of risk clique
The embodiment of device.
The embodiment of the identification device of this specification risk clique can be using on the server.Installation practice can lead to
Software realization is crossed, can also be realized by way of hardware or software and hardware combining.Taking software implementation as an example, as a logic
Device in meaning is by the processor of server where it by computer program instructions corresponding in nonvolatile memory
It is read into memory what operation was formed.For hardware view, as shown in figure 8, being the identification device of this specification risk clique
A kind of hardware structure diagram of place server, in addition to processor shown in Fig. 8, memory, network interface and non-volatile memories
Except device, the server in embodiment where device can also include other hardware generally according to the actual functional capability of the server,
This is repeated no more.
Fig. 9 is a kind of block diagram of the identification device of risk clique shown in one exemplary embodiment of this specification.
Referring to FIG. 9, the identification device 800 of the risk clique can be applied in aforementioned server shown in Fig. 8, packet
It has included: map construction unit 801, risk extraction unit 802, label iteration unit 803, clique's recognition unit 804 and structure exhibition
Show unit 805.
Wherein, map construction unit 801, the historical behavior based on the user that breaks one's promise construct risk knowledge map, the risk
Knowledge mapping includes: non-user node, the user node and there are ordinary user's node of incidence relation, institutes with the user that breaks one's promise of breaking one's promise
The attributive character of non-user node on behalf user is stated, each node in the risk knowledge map has unique tags, section
Even for indicating there is incidence relation between connected node, the attribute on the even side includes for indicating the incidence relation to point on side
The time parameter of time of origin;
Risk extraction unit 802 extracts the node and the section of matching risk template from the risk knowledge map
Company side between point, to form risk map, the risk template includes the company between several every template nodes and the every template node
Side, the every template node include non-user node, break one's promise one of user node and ordinary user's node or a variety of;
Label iteration unit 803 is sent out according to it with neighbor node incidence relation for each node in the risk map
The time parameter of raw time and the degree of the neighbor node are iterated the label of the node, and take turns iteration in completion one
Afterwards, judge whether the modularity function with time aggregation restrains;
Clique's recognition unit 804, when the modularity function convergence of the band time aggregation, by the identical node of label
It is identified as the same risk clique.
Optionally, the risk extraction unit 802:
Every connected component for traversing user node of breaking one's promise from the risk knowledge map judges the connection point
Whether the company side between node and node in branch matches the risk template.
Optionally, the label iteration unit 803:
For each neighbor node of the node, the node and its neighbor node are determined most according to the time parameter
The time of origin of nearly once connection relationship is away from modern duration;
The attribute value of the neighbor node label is calculated according to the duration and the degree;
The neighbor node label that attribute value meets predetermined condition is determined as target labels;
It is the target labels by the tag update of the node.
Optionally, the label iteration unit 803:
By the duration and the degree multiplied by summing after corresponding constant, the attribute value is obtained;
When the corresponding constant of the duration is negative, the corresponding constant of the degree is positive number, the predetermined condition is
Attribute value is maximum.
Optionally, the company number of edges amount Zhan Suoyou that the modularity function of the band time aggregation is equal in same community connects side
The ratio of quantity carries out being randomly assigned the desired difference of obtained probability with to the even side, then subtracts same community Nei Lianbian
Time aggregation parameter.
Optionally, the time aggregation parameter of the same community Nei Lianbian is equal to the even time parameter on side and the community
The difference of internal all even time parameter medians on side.
Optionally, clique's recognition unit 804:
When the modularity function convergence of the band time aggregation, judge in the risk map label of each node with
Whether last round of iteration result is identical;If they are the same, then the identical node of label is identified as the same risk clique.
Optionally, the identification of risk clique clique's recognition unit 804: is carried out according to scheduled recognition cycle;If when
When doing the risk clique that different recognition cycles identify has part same node point, by the risk with part same node point
Clique is identified as the same risk clique, and the part same node point is identified as to the core member of the risk clique.
Structure display unit 805 extracts the risk with part same node point from corresponding risk knowledge map
The network structure of clique;The network structure is shown by visualization interface.
Optionally, the part same node point displaying attribute having the same in every network structure.
The function of each unit and the realization process of effect are specifically detailed in the above method and correspond to step in above-mentioned apparatus
Realization process, details are not described herein.
For device embodiment, since it corresponds essentially to embodiment of the method, so related place is referring to method reality
Apply the part explanation of example.The apparatus embodiments described above are merely exemplary, wherein described be used as separation unit
The unit of explanation may or may not be physically separated, and component shown as a unit can be or can also be with
It is not physical unit, it can it is in one place, or may be distributed over multiple network units.It can be according to actual
The purpose for needing to select some or all of the modules therein to realize this specification scheme.Those of ordinary skill in the art are not
In the case where making the creative labor, it can understand and implement.
System, device, module or the unit that above-described embodiment illustrates can specifically realize by computer chip or entity,
Or it is realized by the product with certain function.A kind of typically to realize that equipment is computer, the concrete form of computer can
To be personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media play
In device, navigation equipment, E-mail receiver/send equipment, game console, tablet computer, wearable device or these equipment
The combination of any several equipment.
Corresponding with the embodiment of the recognition methods of aforementioned risk clique, this specification also provides a kind of knowledge of risk clique
Other device, the device include: processor and the memory for storing machine-executable instruction.Wherein, processor and storage
Device is usually connected with each other by internal bus.In other possible implementations, the equipment is also possible that external interface,
Can be communicated with other equipment or component.
In the present embodiment, by reading and executing the corresponding with the recognition logic of risk clique of the memory storage
Machine-executable instruction, the processor are prompted to:
Historical behavior based on the user that breaks one's promise constructs risk knowledge map, and the risk knowledge map includes: non-user section
Point, the user node and there are ordinary user's node of incidence relation, the non-user node on behalf users with the user that breaks one's promise of breaking one's promise
Attributive character, each node in the risk knowledge map has unique tags, and node connects side for indicating the section that is connected
There is incidence relation, the attribute on the even side includes the time parameter for indicating the incidence relation time of origin between point;
Company side between the node and the node for extracting matching risk template in the risk knowledge map, with shape
At risk map, the risk template includes the company side between several every template nodes and the every template node, the every template node packet
Include non-user node, break one's promise one of user node and ordinary user's node or a variety of;
For each node in the risk map, according to the time parameter of itself and neighbor node incidence relation time of origin
The label of the node is iterated with the degree of the neighbor node, and after iteration is taken turns in completion one, judges that the band time is poly-
Whether the modularity function of collection property restrains;
When the modularity function convergence of the band time aggregation, the identical node of label is identified as the same risk
Clique.
Optionally, between the node and the node for extracting matching risk template in the risk knowledge map
Even when side, the processor is prompted to:
Every connected component for traversing user node of breaking one's promise from the risk knowledge map judges the connection point
Whether the company side between node and node in branch matches the risk template.
Optionally, according to itself and the time parameter of neighbor node incidence relation time of origin and the degree of the neighbor node
When several labels to the node are iterated, the processor is prompted to:
For each neighbor node of the node, the node and its neighbor node are determined most according to the time parameter
The time of origin of nearly once connection relationship is away from modern duration;
The attribute value of the neighbor node label is calculated according to the duration and the degree;
The neighbor node label that attribute value meets predetermined condition is determined as target labels;
It is the target labels by the tag update of the node.
Optionally, when calculating the attribute value of the neighbor node label according to the duration and the degree, the place
Reason device is prompted to:
By the duration and the degree multiplied by summing after corresponding constant, the attribute value is obtained;
When the corresponding constant of the duration is negative, the corresponding constant of the degree is positive number, the predetermined condition is
Attribute value is maximum.
Optionally, the company number of edges amount Zhan Suoyou that the modularity function of the band time aggregation is equal in same community connects side
The ratio of quantity carries out being randomly assigned the desired difference of obtained probability with to the even side, then subtracts same community Nei Lianbian
Time aggregation parameter.
Optionally, the time aggregation parameter of the same community Nei Lianbian is equal to the even time parameter on side and the community
The difference of internal all even time parameter medians on side.
Optionally, when the modularity function convergence of the band time aggregation, the processor is prompted to:
Judge whether the label of each node and last round of iteration result are identical in the risk map;
If they are the same, then the identical node of label is identified as the same risk clique.
Optionally, the processor is also prompted to:
The identification of risk clique is carried out according to scheduled recognition cycle;
When the risk clique that several different recognition cycles identify has part same node point, described there will be part phase
Risk clique with node is identified as the same risk clique, and the part same node point is identified as to the core of the risk clique
Heart member.
Optionally, the processor is also prompted to: being extracted from corresponding risk knowledge map described identical with part
The network structure of the risk clique of node;
The network structure is shown by visualization interface.
Optionally, the part same node point displaying attribute having the same in every network structure.
Corresponding with the embodiment of the recognition methods of aforementioned risk clique, this specification also provides a kind of computer-readable deposit
Storage media is stored with computer program on the computer readable storage medium, realizes when which is executed by processor following
Step:
Historical behavior based on the user that breaks one's promise constructs risk knowledge map, and the risk knowledge map includes: non-user section
Point, the user node and there are ordinary user's node of incidence relation, the non-user node on behalf users with the user that breaks one's promise of breaking one's promise
Attributive character, each node in the risk knowledge map has unique tags, and node connects side for indicating the section that is connected
There is incidence relation, the attribute on the even side includes the time parameter for indicating the incidence relation time of origin between point;
Company side between the node and the node for extracting matching risk template in the risk knowledge map, with shape
At risk map, the risk template includes the company side between several every template nodes and the every template node, the every template node packet
Include non-user node, break one's promise one of user node and ordinary user's node or a variety of;
For each node in the risk map, according to the time parameter of itself and neighbor node incidence relation time of origin
The label of the node is iterated with the degree of the neighbor node, and after iteration is taken turns in completion one, judges that the band time is poly-
Whether the modularity function of collection property restrains;
When the modularity function convergence of the band time aggregation, the identical node of label is identified as the same risk
Clique.
Optionally, described between the node and the node that extract matching risk template in the risk knowledge map
Company side, comprising:
Every connected component for traversing user node of breaking one's promise from the risk knowledge map judges the connection point
Whether the company side between node and node in branch matches the risk template.
Optionally, the time parameter according to it with neighbor node incidence relation time of origin and the neighbor node
Degree is iterated the label of the node, comprising:
For each neighbor node of the node, the node and its neighbor node are determined most according to the time parameter
The time of origin of nearly once connection relationship is away from modern duration;
The attribute value of the neighbor node label is calculated according to the duration and the degree;
The neighbor node label that attribute value meets predetermined condition is determined as target labels;
It is the target labels by the tag update of the node.
Optionally, the attribute value that the neighbor node label is calculated according to the duration and the degree, comprising:
By the duration and the degree multiplied by summing after corresponding constant, the attribute value is obtained;
When the corresponding constant of the duration is negative, the corresponding constant of the degree is positive number, the predetermined condition is
Attribute value is maximum.
Optionally, the company number of edges amount Zhan Suoyou that the modularity function of the band time aggregation is equal in same community connects side
The ratio of quantity carries out being randomly assigned the desired difference of obtained probability with to the even side, then subtracts same community Nei Lianbian
Time aggregation parameter.
Optionally, the time aggregation parameter of the same community Nei Lianbian is equal to the even time parameter on side and the community
The difference of internal all even time parameter medians on side.
Optionally, when the modularity function convergence of the band time aggregation, further includes:
Judge whether the label of each node and last round of iteration result are identical in the risk map;
If they are the same, then the identical node of label is identified as the same risk clique.
Optionally, further includes:
The identification of risk clique is carried out according to scheduled recognition cycle;
When the risk clique that several different recognition cycles identify has part same node point, described there will be part phase
Risk clique with node is identified as the same risk clique, and the part same node point is identified as to the core of the risk clique
Heart member.
Optionally, further includes:
The network structure of the risk clique with part same node point is extracted from corresponding risk knowledge map;
The network structure is shown by visualization interface.
Optionally, the part same node point displaying attribute having the same in every network structure.
It is above-mentioned that this specification specific embodiment is described.Other embodiments are in the scope of the appended claims
It is interior.In some cases, the movement recorded in detail in the claims or step can be come according to the sequence being different from embodiment
It executes and desired result still may be implemented.In addition, process depicted in the drawing not necessarily require show it is specific suitable
Sequence or consecutive order are just able to achieve desired result.In some embodiments, multitasking and parallel processing be also can
With or may be advantageous.
The foregoing is merely the preferred embodiments of this specification, all in this explanation not to limit this specification
Within the spirit and principle of book, any modification, equivalent substitution, improvement and etc. done should be included in the model of this specification protection
Within enclosing.
Claims (21)
1. a kind of recognition methods of risk clique, comprising:
Historical behavior based on the user that breaks one's promise constructs risk knowledge map, and the risk knowledge map includes: non-user node, loses
Credit household's node and there are ordinary user's node of incidence relation, the attributes of the non-user node on behalf user with the user that breaks one's promise
Feature, each node in the risk knowledge map have unique tags, and node connects side for indicating between connected node
With incidence relation, the attribute on the even side includes the time parameter for indicating the incidence relation time of origin;
Company side between the node and the node for extracting matching risk template in the risk knowledge map, to form wind
Danger figure, the risk template includes the company side between several every template nodes and the every template node, and the every template node includes non-
User node, break one's promise one of user node and ordinary user's node or a variety of;
For each node in the risk map, according to its time parameter and institute with neighbor node incidence relation time of origin
The degree for stating neighbor node is iterated the label of the node, and after iteration is taken turns in completion one, judges band time aggregation
Modularity function whether restrain;
When the modularity function convergence of the band time aggregation, the identical node of label is identified as the same risk group
Group.
2. according to the method described in claim 1, the section for extracting matching risk template from the risk knowledge map
Company side between point and the node, comprising:
Every connected component for traversing user node of breaking one's promise from the risk knowledge map, judges in the connected component
Node and node between company side whether match the risk template.
3. according to the method described in claim 1, the time parameter according to itself and neighbor node incidence relation time of origin
The label of the node is iterated with the degree of the neighbor node, comprising:
For each neighbor node of the node, the node and its neighbor node nearest one are determined according to the time parameter
The time of origin of secondary association relationship is away from modern duration;
The attribute value of the neighbor node label is calculated according to the duration and the degree;
The neighbor node label that attribute value meets predetermined condition is determined as target labels;
It is the target labels by the tag update of the node.
4. according to the method described in claim 3, described calculate the neighbor node label according to the duration and the degree
Attribute value, comprising:
By the duration and the degree multiplied by summing after corresponding constant, the attribute value is obtained;
When the corresponding constant of the duration is negative, the corresponding constant of the degree is positive number, the predetermined condition is attribute
Value is maximum.
5. according to the method described in claim 1,
The company number of edges amount Zhan Suoyou that the modularity function of the band time aggregation is equal in same community connects the ratio of number of edges amount
It carries out being randomly assigned the desired difference of obtained probability with to the even side, then subtracts the time aggregation of same community Nei Lianbian
Property parameter.
6. according to the method described in claim 5,
The time aggregation parameter of the same community Nei Lianbian is equal to all companies inside the even time parameter on side and community
The difference of the time parameter median on side.
7. according to the method described in claim 1, when the modularity function convergence of the band time aggregation, further includes:
Judge whether the label of each node and last round of iteration result are identical in the risk map;
If they are the same, then the identical node of label is identified as the same risk clique.
8. according to the method described in claim 1, further include:
The identification of risk clique is carried out according to scheduled recognition cycle;
When the risk clique that several different recognition cycles identify has part same node point, described there will be the identical section in part
The risk clique of point is identified as the same risk clique, by the part same node point be identified as the core of the risk clique at
Member.
9. according to the method described in claim 8, further include:
The network structure of the risk clique with part same node point is extracted from corresponding risk knowledge map;
The network structure is shown by visualization interface.
10. according to the method described in claim 9,
Part same node point displaying attribute having the same in every network structure.
11. a kind of identification device of risk clique, comprising:
Map construction unit, the historical behavior based on the user that breaks one's promise construct risk knowledge map, and the risk knowledge map includes:
Non-user node, the user node and there are ordinary user's node of incidence relation, the non-user nodes with the user that breaks one's promise of breaking one's promise
The attributive character of user is represented, each node in the risk knowledge map has unique tags, and node connects side for table
Show between connected node have incidence relation, it is described even side attribute include for indicate the incidence relation time of origin when
Between parameter;
Risk extraction unit, between the node and the node for extracting matching risk template in the risk knowledge map
Lian Bian, to form risk map, the risk template includes the company side between several every template nodes and the every template node, the mould
Plate node includes non-user node, break one's promise one of user node and ordinary user's node or a variety of;
Label iteration unit, for each node in the risk map, according to itself and neighbor node incidence relation time of origin
Time parameter and the degree of the neighbor node label of the node is iterated, and after iteration is taken turns in completion one, sentence
Whether the disconnected modularity function with time aggregation restrains;
The identical node of label is identified as by clique's recognition unit when the modularity function convergence of the band time aggregation
The same risk clique.
12. device according to claim 11, the risk extraction unit:
Every connected component for traversing user node of breaking one's promise from the risk knowledge map, judges in the connected component
Node and node between company side whether match the risk template.
13. device according to claim 11, the label iteration unit:
For each neighbor node of the node, the node and its neighbor node nearest one are determined according to the time parameter
The time of origin of secondary association relationship is away from modern duration;
The attribute value of the neighbor node label is calculated according to the duration and the degree;
The neighbor node label that attribute value meets predetermined condition is determined as target labels;
It is the target labels by the tag update of the node.
14. device according to claim 13, the label iteration unit:
By the duration and the degree multiplied by summing after corresponding constant, the attribute value is obtained;
When the corresponding constant of the duration is negative, the corresponding constant of the degree is positive number, the predetermined condition is attribute
Value is maximum.
15. device according to claim 11,
The company number of edges amount Zhan Suoyou that the modularity function of the band time aggregation is equal in same community connects the ratio of number of edges amount
It carries out being randomly assigned the desired difference of obtained probability with to the even side, then subtracts the time aggregation of same community Nei Lianbian
Property parameter.
16. device according to claim 15,
The time aggregation parameter of the same community Nei Lianbian is equal to all companies inside the even time parameter on side and community
The difference of the time parameter median on side.
17. device according to claim 11, clique's recognition unit:
When the modularity function convergence of the band time aggregation, the label of each node and upper one in the risk map is being judged
Whether identical take turns iteration result;If they are the same, then the identical node of label is identified as the same risk clique.
18. device according to claim 11,
Clique's recognition unit carries out the identification of risk clique according to scheduled recognition cycle;When several different recognition cycles
When the risk clique identified has part same node point, the risk clique with part same node point is identified as same
The part same node point is identified as the core member of the risk clique by a risk clique.
19. device according to claim 18, further includes:
Structure display unit extracts the net of the risk clique with part same node point from corresponding risk knowledge map
Network structure chart;The network structure is shown by visualization interface.
20. device according to claim 19,
Part same node point displaying attribute having the same in every network structure.
21. a kind of identification device of risk clique, comprising:
Processor;
For storing the memory of machine-executable instruction;
Wherein, referred to by reading and executing the machine corresponding with the recognition logic of risk clique of the memory storage and can be performed
It enables, the processor is prompted to:
Historical behavior based on the user that breaks one's promise constructs risk knowledge map, and the risk knowledge map includes: non-user node, loses
Credit household's node and there are ordinary user's node of incidence relation, the attributes of the non-user node on behalf user with the user that breaks one's promise
Feature, each node in the risk knowledge map have unique tags, and node connects side for indicating between connected node
With incidence relation, the attribute on the even side includes the time parameter for indicating the incidence relation time of origin;
Company side between the node and the node for extracting matching risk template in the risk knowledge map, to form wind
Danger figure, the risk template includes the company side between several every template nodes and the every template node, and the every template node includes non-
User node, break one's promise one of user node and ordinary user's node or a variety of;
For each node in the risk map, according to its time parameter and institute with neighbor node incidence relation time of origin
The degree for stating neighbor node is iterated the label of the node, and after iteration is taken turns in completion one, judges band time aggregation
Modularity function whether restrain;
When the modularity function convergence of the band time aggregation, the identical node of label is identified as the same risk group
Group.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811302555.6A CN109949046B (en) | 2018-11-02 | 2018-11-02 | Identification method and device for risk group partner |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811302555.6A CN109949046B (en) | 2018-11-02 | 2018-11-02 | Identification method and device for risk group partner |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109949046A true CN109949046A (en) | 2019-06-28 |
| CN109949046B CN109949046B (en) | 2023-06-09 |
Family
ID=67006318
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811302555.6A Active CN109949046B (en) | 2018-11-02 | 2018-11-02 | Identification method and device for risk group partner |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109949046B (en) |
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110348719A (en) * | 2019-06-29 | 2019-10-18 | 上海淇毓信息科技有限公司 | A kind of risk control method based on user information knowledge mapping, device and electronic equipment |
| CN110414987A (en) * | 2019-07-18 | 2019-11-05 | 中国工商银行股份有限公司 | Recognition methods, device and the computer system of account aggregation |
| CN110457893A (en) * | 2019-07-24 | 2019-11-15 | 阿里巴巴集团控股有限公司 | The method and apparatus for obtaining account number group |
| CN110555564A (en) * | 2019-09-06 | 2019-12-10 | 中国农业银行股份有限公司 | Method and device for predicting client associated risk |
| CN110851541A (en) * | 2019-10-30 | 2020-02-28 | 支付宝(杭州)信息技术有限公司 | Method and device for generating risk characteristics based on relational graph |
| CN111080439A (en) * | 2019-12-13 | 2020-04-28 | 南京三百云信息科技有限公司 | Time-based object identification method and device and electronic equipment |
| CN111091287A (en) * | 2019-12-13 | 2020-05-01 | 南京三百云信息科技有限公司 | Risk object identification method and device and computer equipment |
| CN111309822A (en) * | 2020-02-11 | 2020-06-19 | 深圳众赢维融科技有限公司 | User identity identification method and device |
| CN111709756A (en) * | 2020-06-16 | 2020-09-25 | 银联商务股份有限公司 | Method and device for identifying suspicious communities, storage medium and computer equipment |
| CN111738817A (en) * | 2020-05-15 | 2020-10-02 | 苏宁金融科技(南京)有限公司 | Method and system for identifying risk community |
| CN111915426A (en) * | 2020-08-04 | 2020-11-10 | 中投国信(北京)科技发展有限公司 | Method and system for distinguishing credit users based on graph calculation and community division algorithm |
| CN112001649A (en) * | 2020-08-27 | 2020-11-27 | 支付宝(杭州)信息技术有限公司 | Risk data mining method, device and equipment |
| CN112184299A (en) * | 2020-09-23 | 2021-01-05 | 中国建设银行股份有限公司 | Arbitrage user identification method, apparatus, electronic device and medium |
| CN112330373A (en) * | 2020-11-30 | 2021-02-05 | 中国银联股份有限公司 | User behavior analysis method and device and computer readable storage medium |
| CN112700261A (en) * | 2020-12-30 | 2021-04-23 | 平安科技(深圳)有限公司 | Suspicious community-based brushing behavior detection method, device, equipment and medium |
| CN112860951A (en) * | 2019-11-28 | 2021-05-28 | 武汉斗鱼鱼乐网络科技有限公司 | Method and system for identifying target account |
| CN113033966A (en) * | 2021-03-03 | 2021-06-25 | 携程旅游信息技术(上海)有限公司 | Risk target identification method and device, electronic equipment and storage medium |
| CN113722576A (en) * | 2021-05-07 | 2021-11-30 | 北京达佳互联信息技术有限公司 | Network security information processing method, query method and related device |
| CN113724073A (en) * | 2021-09-09 | 2021-11-30 | 支付宝(杭州)信息技术有限公司 | Risk identification and control method and device |
| CN113807723A (en) * | 2021-09-24 | 2021-12-17 | 重庆富民银行股份有限公司 | Risk identification method for knowledge graph |
| CN113869904A (en) * | 2021-08-16 | 2021-12-31 | 工银科技有限公司 | Suspicious data identification method, device, electronic equipment, medium and computer program |
| CN114444873A (en) * | 2021-12-28 | 2022-05-06 | 支付宝(杭州)信息技术有限公司 | Risk identification method, device and equipment |
| CN115150130A (en) * | 2022-06-08 | 2022-10-04 | 北京天融信网络安全技术有限公司 | Method, device, equipment and storage medium for tracking and analyzing attack group |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2005149236A (en) * | 2003-11-17 | 2005-06-09 | Nippon Telegr & Teleph Corp <Ntt> | Block automatic extraction apparatus, block automatic extraction method, and program |
| US20100306249A1 (en) * | 2009-05-27 | 2010-12-02 | James Hill | Social network systems and methods |
| CN102595099A (en) * | 2012-02-14 | 2012-07-18 | 北京交通大学 | Cognitive-technology-based video data synthesis method |
| CN103327075A (en) * | 2013-05-27 | 2013-09-25 | 电子科技大学 | Distributed mass organization realizing method based on label interaction |
| US20140067808A1 (en) * | 2012-09-06 | 2014-03-06 | International Business Machines Corporation | Distributed Scalable Clustering and Community Detection |
| CN103699606A (en) * | 2013-12-16 | 2014-04-02 | 华中科技大学 | Large-scale graphical partition method based on vertex cut and community detection |
| CN105279187A (en) * | 2014-07-15 | 2016-01-27 | 天津科技大学 | Edge clustering coefficient-based social network group division method |
| CN105893381A (en) * | 2014-12-23 | 2016-08-24 | 天津科技大学 | Semi-supervised label propagation based microblog user group division method |
| US20170214589A1 (en) * | 2016-01-27 | 2017-07-27 | Linkedin Corporation | Identifying gateway members between groups in social networks |
| CN107730262A (en) * | 2017-10-23 | 2018-02-23 | 阿里巴巴集团控股有限公司 | One kind fraud recognition methods and device |
| CN108073944A (en) * | 2017-10-18 | 2018-05-25 | 南京邮电大学 | A kind of label based on local influence power propagates community discovery method |
| CN108681936A (en) * | 2018-04-26 | 2018-10-19 | 浙江邦盛科技有限公司 | A kind of fraud clique recognition methods propagated based on modularity and balance label |
-
2018
- 2018-11-02 CN CN201811302555.6A patent/CN109949046B/en active Active
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP2005149236A (en) * | 2003-11-17 | 2005-06-09 | Nippon Telegr & Teleph Corp <Ntt> | Block automatic extraction apparatus, block automatic extraction method, and program |
| US20100306249A1 (en) * | 2009-05-27 | 2010-12-02 | James Hill | Social network systems and methods |
| CN102595099A (en) * | 2012-02-14 | 2012-07-18 | 北京交通大学 | Cognitive-technology-based video data synthesis method |
| US20140067808A1 (en) * | 2012-09-06 | 2014-03-06 | International Business Machines Corporation | Distributed Scalable Clustering and Community Detection |
| CN103327075A (en) * | 2013-05-27 | 2013-09-25 | 电子科技大学 | Distributed mass organization realizing method based on label interaction |
| CN103699606A (en) * | 2013-12-16 | 2014-04-02 | 华中科技大学 | Large-scale graphical partition method based on vertex cut and community detection |
| CN105279187A (en) * | 2014-07-15 | 2016-01-27 | 天津科技大学 | Edge clustering coefficient-based social network group division method |
| CN105893381A (en) * | 2014-12-23 | 2016-08-24 | 天津科技大学 | Semi-supervised label propagation based microblog user group division method |
| US20170214589A1 (en) * | 2016-01-27 | 2017-07-27 | Linkedin Corporation | Identifying gateway members between groups in social networks |
| CN108073944A (en) * | 2017-10-18 | 2018-05-25 | 南京邮电大学 | A kind of label based on local influence power propagates community discovery method |
| CN107730262A (en) * | 2017-10-23 | 2018-02-23 | 阿里巴巴集团控股有限公司 | One kind fraud recognition methods and device |
| CN108681936A (en) * | 2018-04-26 | 2018-10-19 | 浙江邦盛科技有限公司 | A kind of fraud clique recognition methods propagated based on modularity and balance label |
Non-Patent Citations (2)
| Title |
|---|
| 李俊等: "基于标签传播的社区发现新算法", 《设计与研究》 * |
| 陈晶等: "社交网络中基于模块度最大化的标签传播算法的研究", 《通信学报》 * |
Cited By (29)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110348719A (en) * | 2019-06-29 | 2019-10-18 | 上海淇毓信息科技有限公司 | A kind of risk control method based on user information knowledge mapping, device and electronic equipment |
| CN110414987A (en) * | 2019-07-18 | 2019-11-05 | 中国工商银行股份有限公司 | Recognition methods, device and the computer system of account aggregation |
| CN110457893A (en) * | 2019-07-24 | 2019-11-15 | 阿里巴巴集团控股有限公司 | The method and apparatus for obtaining account number group |
| CN110555564A (en) * | 2019-09-06 | 2019-12-10 | 中国农业银行股份有限公司 | Method and device for predicting client associated risk |
| CN110851541A (en) * | 2019-10-30 | 2020-02-28 | 支付宝(杭州)信息技术有限公司 | Method and device for generating risk characteristics based on relational graph |
| CN112860951B (en) * | 2019-11-28 | 2022-08-05 | 武汉斗鱼鱼乐网络科技有限公司 | Method and system for identifying target account |
| CN112860951A (en) * | 2019-11-28 | 2021-05-28 | 武汉斗鱼鱼乐网络科技有限公司 | Method and system for identifying target account |
| CN111080439A (en) * | 2019-12-13 | 2020-04-28 | 南京三百云信息科技有限公司 | Time-based object identification method and device and electronic equipment |
| CN111091287A (en) * | 2019-12-13 | 2020-05-01 | 南京三百云信息科技有限公司 | Risk object identification method and device and computer equipment |
| CN111309822A (en) * | 2020-02-11 | 2020-06-19 | 深圳众赢维融科技有限公司 | User identity identification method and device |
| CN111309822B (en) * | 2020-02-11 | 2023-05-09 | 简链科技(广东)有限公司 | User identity recognition method and device |
| CN111738817A (en) * | 2020-05-15 | 2020-10-02 | 苏宁金融科技(南京)有限公司 | Method and system for identifying risk community |
| CN111709756A (en) * | 2020-06-16 | 2020-09-25 | 银联商务股份有限公司 | Method and device for identifying suspicious communities, storage medium and computer equipment |
| WO2021254027A1 (en) * | 2020-06-16 | 2021-12-23 | 银联商务股份有限公司 | Method and apparatus for identifying suspicious community, and storage medium and computer device |
| CN111915426A (en) * | 2020-08-04 | 2020-11-10 | 中投国信(北京)科技发展有限公司 | Method and system for distinguishing credit users based on graph calculation and community division algorithm |
| CN112001649A (en) * | 2020-08-27 | 2020-11-27 | 支付宝(杭州)信息技术有限公司 | Risk data mining method, device and equipment |
| CN112184299A (en) * | 2020-09-23 | 2021-01-05 | 中国建设银行股份有限公司 | Arbitrage user identification method, apparatus, electronic device and medium |
| CN112330373A (en) * | 2020-11-30 | 2021-02-05 | 中国银联股份有限公司 | User behavior analysis method and device and computer readable storage medium |
| CN112700261A (en) * | 2020-12-30 | 2021-04-23 | 平安科技(深圳)有限公司 | Suspicious community-based brushing behavior detection method, device, equipment and medium |
| CN112700261B (en) * | 2020-12-30 | 2023-06-06 | 平安科技(深圳)有限公司 | Method, device, equipment and medium for detecting single file of brushing on basis of suspicious communities |
| CN113033966A (en) * | 2021-03-03 | 2021-06-25 | 携程旅游信息技术(上海)有限公司 | Risk target identification method and device, electronic equipment and storage medium |
| CN113722576A (en) * | 2021-05-07 | 2021-11-30 | 北京达佳互联信息技术有限公司 | Network security information processing method, query method and related device |
| CN113869904A (en) * | 2021-08-16 | 2021-12-31 | 工银科技有限公司 | Suspicious data identification method, device, electronic equipment, medium and computer program |
| CN113724073A (en) * | 2021-09-09 | 2021-11-30 | 支付宝(杭州)信息技术有限公司 | Risk identification and control method and device |
| CN113807723A (en) * | 2021-09-24 | 2021-12-17 | 重庆富民银行股份有限公司 | Risk identification method for knowledge graph |
| CN113807723B (en) * | 2021-09-24 | 2023-11-03 | 重庆富民银行股份有限公司 | Risk identification method for knowledge graph |
| CN114444873A (en) * | 2021-12-28 | 2022-05-06 | 支付宝(杭州)信息技术有限公司 | Risk identification method, device and equipment |
| CN115150130A (en) * | 2022-06-08 | 2022-10-04 | 北京天融信网络安全技术有限公司 | Method, device, equipment and storage medium for tracking and analyzing attack group |
| CN115150130B (en) * | 2022-06-08 | 2023-11-10 | 北京天融信网络安全技术有限公司 | Tracking analysis method, device, equipment and storage medium for attack group |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109949046B (en) | 2023-06-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109949046A (en) | The recognition methods of risk clique and device | |
| CN109598509B (en) | Identification method and device for risk group partner | |
| CN109344326B (en) | Social circle mining method and device | |
| CN109672980B (en) | Method, device and storage medium for determining wireless local area network hotspot corresponding to interest point | |
| CN110224859B (en) | Method and system for identifying a group | |
| CN104915351A (en) | Picture sorting method and terminal | |
| CN105335409A (en) | Target user determination method and device and network server | |
| CN103970830B (en) | Information recommendation method and device | |
| CN109408522A (en) | A kind of update method and device of user characteristic data | |
| CN106296344A (en) | Maliciously address recognition methods and device | |
| CN115632839B (en) | Intelligent campus environment network supervision method and system | |
| CN113239249A (en) | Object association identification method and device and storage medium | |
| CN110046944A (en) | Invoice creation method and device, electronic equipment based on block chain | |
| CN105045911A (en) | Label generating method for user to mark and label generating equipment for user to mark | |
| CN109213831A (en) | Event detecting method and device calculate equipment and storage medium | |
| CN111582935A (en) | Block chain-based integral mutual identification method and system | |
| CN107454261A (en) | A kind of weather icon display methods, device and mobile terminal | |
| CN112925899B (en) | Ordering model establishment method, case clue recommendation method, device and medium | |
| CN114531302A (en) | Data encryption method, device and storage medium | |
| CN112235714B (en) | POI positioning method and device based on artificial intelligence, computer equipment and medium | |
| CN109785422A (en) | The construction method and device of three-dimensional power grid scene | |
| CN107665307A (en) | Application identification method and device, electronic equipment and storage medium | |
| CN103095774B (en) | Map constructing method and equipment and the method and apparatus that map structuring information is provided | |
| CN116304885A (en) | Event identification method, device and equipment based on graph node embedding | |
| CN110059097A (en) | Data processing method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20201012 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after: Innovative advanced technology Co.,Ltd. Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant before: Advanced innovation technology Co.,Ltd. Effective date of registration: 20201012 Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands Applicant after: Advanced innovation technology Co.,Ltd. Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands Applicant before: Alibaba Group Holding Ltd. |
|
| TA01 | Transfer of patent application right | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |